Security Debriefhttp://securitydebrief.com
Security Debrief is a blog dedicated to homeland security, terrorism and counter-terrorism, intelligence and law enforcement that provides context to the debates, policies and politics that are playing out in Washington, D.C.Wed, 25 Mar 2015 14:27:02 +0000en-UShourly1http://wordpress.org/?v=4.0.1Nominee to Head TSA Soon? Not Soon Enoughhttp://securitydebrief.com/2015/03/25/nominee-for-tsa-administrator-soon-not-soon-enough/
http://securitydebrief.com/2015/03/25/nominee-for-tsa-administrator-soon-not-soon-enough/#commentsWed, 25 Mar 2015 14:24:43 +0000http://securitydebrief.com/?p=15552In advance of an oversight hearing on TSA by his subcommittee today, Rep. John Katko (R-NY) wrote to President Obama asking for the White House to fill the TSA Administrator’s position “ASAP,” according to a story in the Syracuse newspaper.

Last week DHS Secretary Jeh Johnson told a small group of aviation executives that the White House had settled on a candidate and world be submitting the nomination to the Senate “very soon,”

As have previously written, I hope that name is Acting TSA Administrator Mel Carraway. He is highly qualified, well respected in the TSA workforce and would continue the very popular implementation of risk-based-security that took root under former Administrator John Pistole.

We shall see what comes out of the White House and, more importantly whether “soon” means within a matter of days or a longer period of time. Whatever “soon” means, it won’t be soon enough for Rep. Katko and his colleagues on the House Homeland Security Committee, or the bi-partisan group of Senators who wrote a similar letter a couple of weeks ago.

It’s time to get a nominee and get her or him confirmed. The job is too important to be left hanging in limbo by a White House that desperately needs to repair relations with Congress. Naming the next TSA Administrator would be a good first step.

]]>http://securitydebrief.com/2015/03/25/nominee-for-tsa-administrator-soon-not-soon-enough/feed/0DHS Vacancies Need to be Filled – And It Should Not Be Too Hardhttp://securitydebrief.com/2015/03/16/dhs-vacancies-need-to-be-filled-and-it-should-not-be-too-hard/
http://securitydebrief.com/2015/03/16/dhs-vacancies-need-to-be-filled-and-it-should-not-be-too-hard/#commentsMon, 16 Mar 2015 11:41:16 +0000http://securitydebrief.com/?p=15543Last week’s Senate Commerce Committee announcement about an upcoming hearing on TSA’s FY16 budget request inferentially noted that the White House still had not sent the Senate a nominee to replace former Administrator John Pistole, who left at the end of last year to become President of Anderson University in Indiana. Before I get totally bent out of shape again that there are too many congressional committees having jurisdiction over the affairs of the Department of Homeland Security, the Commerce Committee has a point that needs to be addressed.

The less-than-gentle poke at the slowness of the White House personnel operation came a few weeks after a bipartisan letter to President Obama asking (in typical bureaucratic prose) when the White House was going to get off its political keister and send them a nominee to lead the Transportation Security Agency. That letter, signed by Sens. John Thune (R-S.D.), Bill Nelson (D-Fla.), Kelly Ayotte (R-N.H.), Maria Cantwell (D-Wash.), and Deb Fischer (R-Neb.) asked President Obama “to prioritize the formal nomination of a qualified, experienced, and dedicated individual to serve as Administrator of the Transportation Security Administration (TSA).”

To the best of my knowledge, the White House has not responded to that request – an inference I draw given the language in the Committee’s hearing notice last week.

Unconfirmed rumors are that DHS Secretary Jeh Johnson’s office had recommended two people who were thought to be “highly qualified for the position” to the Office of Presidential Personnel, but both were either rejected or withdrew from consideration. DHS insiders say that White House minions let Secretary Johnson know that the White House would pick the person for the TSA front office, and that he did not need to waste further energy in making suggestions. IF that is true, it is further evidence of the type of “central control” that has characterized the Obama Administration’s personnel selections in other cabinet agencies. If it is NOT true, then one wonders what the White House found objectionable. Either way, the result is that the Senate has no one to confirm – yet.

The obvious and best choice for TSA Administrator is the person who is currently in the position in an “acting” capacity – Mel Carraway. Since stepping into the Administrator’s office from his previous position as TSA’s Deputy Administrator, Carraway has continued to guide TSA on the path that Pistole set during his heralded tenure. Carraway is substantively qualified, having served in a number of operational positions in his decade of service at TSA. According to his biography on the TSA website:

Since joining TSA in 2004, Carraway also held various positions within the Offices of Security Operations and the Law Enforcement-Federal Air Marshal Service. Previously, Carraway was the Supervisory Federal Air Marshal in Charge for the Dallas field office, where he managed the Dallas area OLE-FAMS workforce and operations, oversaw firearms and tactical training, and engaged with state and local law enforcement and security stakeholders. In the Office of Security Operations, Carraway served as the Area Director for the Pacific Islands and states in the Southwest and the Northwest, where he was responsible for managing and coordinating security activities throughout the region and driving operational improvement. He has also served as the Director for Field Operations, where he managed all federal security directors in airports nationwide, providing management and oversight of security operations and engaging with airport stakeholders and law enforcement agencies nationwide. In 2004, Carraway joined TSA as the Federal Security Director at the Albuquerque International Airport in New Mexico.

Carraway began his civilian public service career in 1979 as an officer with the Indiana State Police. As an ISP major, he was appointed as the Director of the Indiana State Emergency Management Agency. Carraway rose through the ranks and was appointed as the ISP Superintendent in 1997, becoming the first African-American superintendent for the Indiana State Police and second African-American in the U.S. to head a statewide law enforcement agency. His accomplishments include the incorporation of private sector best practices, shifting focus from outputs to outcomes, and an agency reorganization to focus on violent crimes, crimes against children and cyber-crime. He retired from the ISP in 2004.

Are you kidding me? Is there anyone else in the world who has such a distinguished TSA and local law enforcement career and can also “sing for his supper,” as it were, if the need arose?

By all accounts, Mel Carraway has the respect of the front-line employees and supervisors in TSA’s vast organization. A good leader is one who can attract followers while, at the same time, accomplishing the mission he or she has been assigned. Carraway is also well-liked by homeland security types on both sides of Capitol Hill, I am told. By that definition, he would seem to be the right man for the TSA Administrator’s position, especially given the fact that President Obama is in his last two years and will have to deal with a Republican majority in the Senate for the remainder of his tenure in the White House.

Unfortunately, the same rumor mill that reported on the “thanks, but no thanks” response to Secretary Johnson’s recommendations is also reporting that the White House believes Carraway is “too nice” to be an effective Administrator. SERIOUSLY? This is the federal agency that interacts with more Americans than any other on a daily basis. In 2014, the TSA screened more than 650 million passengers, nearly 1.8 million every day. Don’t we want someone at the top who leads by example – and by that I mean a “good” example?

Perhaps the White House is waiting to see what happens in the Chicago Mayoral elections. If current Mayor and former White House Chief of Staff Rahm Emanuel does not survive his re-election bid, then Uncle Rahmmy certainly fits the bill as being not “too nice.” News reports say he has mellowed since being elected Chicago’s Mayor and has a lot more humility than the time at the White House when the (tongue-in-cheek) nameplate on his desk allegedly read: “Under Secretary of Go F*** Yourself.” If the White House is holding off to see what will happen in Chicago, or if they are looking for someone else who possesses a “tougher” persona than Carraway, then the Senate Commerce Committee is right to be concerned. Those impacted by TSA should be also.

TSA needs stability in the front office. The workforce needs someone who understands their issues. The travel community wants someone who will listen to their concerns. Good security and good customer service are not antithetical concepts. Effective management and good manners often go together. It’s high time the White House recognized that it can get what it ought to want by sending Mel Carraway’s name to the Senate as its nominee to lead TSA.

And if the Senate leadership wants to show the White House that the nomination process will work now that they are in charge, the Senate could vote on the nomination of Russell Deyo to be the DHS Under Secretary for Management. After his nomination died on the Senate floor last year, the White House resubmitted his name on January 8, 2015, and two weeks later, on January 22, the Senate Homeland Security and Governmental Affairs Committee reported it out to be voted upon by the full Senate. It still sits on the Senate’s Executive Calendar. There was almost no opposition to Deyo’s nomination last year and one cannot imagine that situation has changed, given the glowing comments that were made during his confirmation hearing.

DHS has been without an Under Secretary for Management far longer than it has been without a confirmed TSA Administrator. It is time to get both positions filled. The White House and the Senate need to act.

]]>http://securitydebrief.com/2015/03/16/dhs-vacancies-need-to-be-filled-and-it-should-not-be-too-hard/feed/0Take it Easy on S&T – Cancelled Biodetection Program Isn’t a Big Dealhttp://securitydebrief.com/2015/03/11/take-it-easy-on-st-cancelled-biodetection-program-isnt-a-big-deal/
http://securitydebrief.com/2015/03/11/take-it-easy-on-st-cancelled-biodetection-program-isnt-a-big-deal/#commentsWed, 11 Mar 2015 12:50:05 +0000http://securitydebrief.com/?p=15534Bureaucracies waste money, and there are few bureaucracies bigger than the Department of Homeland Security. A recent DHS Inspector General report found that the Science and Technology (S&T) Directorate mismanaged and prematurely cancelled a biodetection project with NVS Technologies, Inc., effectively wasting $23 million. The IG said in its report, “Program managers did not document contract oversight because S&T does not have adequate policies and procedures governing contract management.”

Normally, I’d stomp my feet and rail against the wastefulness of big government. In this case, however, the IG’s findings should be taken with a dose of understanding. Here are three reasons why we should cut S&T some slack.

A government biodetection project is one of the hardest things to get right. BioWatch, the nation’s current system of biodetection technologies, is an enormous waste of money. There are aerosol sensors and filters around the country that are manually collected every day and tested in a lab for dangerous elements, a process that leaves a 12-to-36-hour window between when a dangerous agent is introduced into the environment and when we find out about it. Gen 3 was supposed to be an upgrade to the labor-intensive BioWatch program, but the DHS Office of Health Affairs (OHA), which administered the program, did a lousy job of pushing an emerging technology into the marketplace, for a variety of reasons. Gen 3 became such a disaster that Secretary Jeh Johnson had the good sense to cancel it almost as soon as he took the helm at DHS. All this is to say, DHS has long been challenged when it comes to biodetection.

S&T has successful, ongoing biodetection projects. In 2013, I spoke with Dr. Anne Hulgren, who at the time was S&T’s Branch Chief of Chemical and Biological Research and Development. Hulgren described a new biodetection system under development, dubbed Detect to Protect (D2P). An autonomous two-tier sensing system, D2P constantly tests the air for dangerous particles. When one is found, it triggers the second sensor that compares the particle to a list of dangerous pathogens. And this technology works, returning no false positives during testing in the Boston subway. The point is, the cancelled project does not mean we are at square one when it comes to biodetection research and development.

Why did the IG launch an investigation into the management of this project? Word has it that it was the Directorate itself that asked the IG to look into a mishandled project. S&T acknowledged that there was a problem and went to the Department’s inspector for a formal investigation. A federal agency made a mistake and asked for outside support in figuring out why? That’s almost breathtaking in its show of humility and good governance (because it is so divergent from the normal government tactics of blame-dodging and PR damage control).

There are many federal, state, and local projects that deserve heavy criticism and public outrage for their reckless waste of taxpayer money. S&T’s cancelled biodetection project is not one of them. The IG report offered actionable recommendations for how to keep future projects from failing for want of better management. S&T agreed. Lesson learned, case closed.

]]>http://securitydebrief.com/2015/03/11/take-it-easy-on-st-cancelled-biodetection-program-isnt-a-big-deal/feed/0That Was the Week That Was – The 2015 Versionhttp://securitydebrief.com/2015/03/09/that-was-the-week-that-was-the-2015-version/
http://securitydebrief.com/2015/03/09/that-was-the-week-that-was-the-2015-version/#commentsMon, 09 Mar 2015 11:47:28 +0000http://securitydebrief.com/?p=15526One of the earliest political satire shows on television was the early 1960s BBC program, “That Was The Week That Was,” known by its colloquial name, “TW3.” It helped create the career of a young news reader/interviewer named David Frost and helped develop the writing skills of Graham Chapman and John Cleese, who went on to found the Monty Python comedy troupe.

The program, which was broadcast on Saturday evenings, was a major hit at the time as it broke new ground in adapting political satire to the medium of television. The program concept was later picked up in the United States by NBC, and the US version of TW3 was broadcast for a couple of years. In my view, TW3 was the precursor of the early political satire segments of Saturday Night Live and created a rough template for the ultra-popular recent cable shows of Jon Stewart and Stephen Colbert.

The BBC show started with a song sung by the magnificent Millicent Martin, the first line of which was: “That was the week that was, It’s over, let it go …”

The words of that song, and the premise of the TW3 program, come roaring back to me as I look back on the week that just ended. In a span of seven days:

The Israeli Prime Minister Benjamin Netanyahu spoke before Congress, boycotted by many Democrats and panned by the White House, slammed the Obama Administrations effort to reach a deal with Iran to prevent the development of nuclear weapons. Even as the White House denied it would make a “bad deal” with Iran, rumors flew that Iran’s Supreme Leader Ali Khamenei was terminally ill and may have died, only to appear in video of a public event at his residence at the end of the week;

Former Secretary of State Hilary Clinton asked the State Department to turn over e-mails she had kept on a private server at her residence in New York, raising serious cyber security questions in addition to the political ones that drove the Beltway pundit class into a froth, the most damaging of which was Ron Fournier’s piece in National Journal, which suggested she should not run for president in 2016;

Russian President Vladimir Putin condemned Boris Nemtsov’s murder calling it a political killing, contradicting theories that Putin’s political opponent was shot over a domestic or business dispute as Putin tried to convince skeptics that he would lead the investigation to find the killers;

Current Russia resident and former NSA contractor Edward Snowden let it be known that he would like to return to the United States, where he will certainly face serious legal charges for leaking thousands of pages of classified materials. Snowden’s lawyer says all he wants is a “fair and legal trial;”

Despite record amounts of snowfall outside the federal courthouse in Boston – snow so deep that would have shut down most cities – the trial of Boston marathon bomber Dzhokhar Tsarnaev began with his attorney admitting in her opening statement that he did it. “It was him,” defense attorney Judy Clarke told jurors, hoping the admission will keep the jury from imposing the death penalty against him;

The New York Times reported that Islamic State militant groups attacked the ancient archaeological site of Nimrud in northern Iraq and damaged or destroyed ancient structures and artifacts, as they had previously done in Syria, based upon their zero tolerance interpretation of Islamic law. This latest report followed the release last week of videotape of Islamic State militants destroying statues and artifacts in the Mosul Museum and at the Nergal Gate entryway to ancient Nineveh;

Former DHS Secretary Michael Chertoff, speaking at a Chertoff Group Security Summit on Critical Infrastructure Protection in Houston, was quoted as saying: “The amazing expansion of the IoT [Internet of Things] is a growing threat to our Nation’s critical infrastructure.” We know this because Chertoff Group principal and former DHS Deputy Under Secretary for Cybersecurity Mark Weatherford tweeted it out to the world;

A souvenir truck caught fire less than two blocks from the White House and caused a security lockdown just as President Barack Obama and his family were about to board a helicopter to Andrews Air Force Base. The souvenir truck, which belonged to a family from Virginia was completely destroyed by the fire, according to Reuters;

President Obama gave one of the best speeches of his presidency standing at the foot of the Edmund Pettus Bridge in Selma, Alabama, marking the 50th anniversary of the police confrontation with civil rights marchers, now known as “Bloody Sunday.” In doing so, he implicitly rebutted the charge made at a dinner at New York 21 Club by former NY Mayor Rudy Giuliani, that the President does not love America. Obama noted that great progress had been made in race relations in the United States following the events in Selma in 1965 but that the march started there was not yet completed;

The US Justice Department released a report saying that there had been a significant “pattern of civil rights violations” by the Ferguson, Missouri Police Department and Municipal Court; however, the police officer who shot Michael Brown and was at the heart of this summer’s public marches will not be indicted;

Homeland Security Today Editor-in-Chief Anthony Kimery exposed a serious flaw in a recent GAO Report that the surge of unaccompanied alien children from Central America and Mexico last year was fueled by crime and economic uncertainty. Kimery noted that the GAO’s assertion was completely at odds with an intelligence assessment published by the DEA’s El Paso Intelligence Center (EPIC) last year: “The EPIC assessment stated the surge of UACs and families into Texas’ Rio Grande Valley that began in 2012 had much more to do with human traffickers promoting false information that anyone who could get to the US would be allowed to stay.”

WOW… and that was just a few of the things that happened last week in addition to a “snow event” that shut down the federal government and most of the Washington, DC, area for several days.

No wonder the Washington Post’s Greg Miller ended the week with a thoughtful and sobering analysis, concluding that U.S. counterterrorism officials and experts have entered a period of “particular gloom,” which reflects a pessimism that has descended on the CT community “over the past year amid a series of discouraging developments.” Given the list of events of this past week, I’d normally be depressed too, but I know that not all is doom and gloom. How do I know this?

Spring training baseball games have started. The snow is melting. DHS is funded. The federal government did not dive into the abyss. Daylight Savings Time kicks in and most dairy cows will not be confused nor thrown for a loop. The barbecue grill is almost ready.

The month of March came in “like a lion.” Who knows what will happen next? As the BBC song lyrics say, “That was the week that was, it’s over, let it go …”

]]>http://securitydebrief.com/2015/03/09/that-was-the-week-that-was-the-2015-version/feed/0‘Jihadi John’ Unmasked – Now What?http://securitydebrief.com/2015/02/26/jihadi-john-unmasked-now-what/
http://securitydebrief.com/2015/02/26/jihadi-john-unmasked-now-what/#commentsThu, 26 Feb 2015 17:24:21 +0000http://securitydebrief.com/?p=15511He is the masked face of ISIS, his black-clad figure a harbinger of gruesome murder in a series of videos showing the execution of ISIS hostages. He goes by the alliterative, absurd moniker Jihadi John, but today, the world knows his real name: Mohammed Emwazi.

Emwazi is British, born in Kuwait. Purportedly in his mid-20s, he holds a degree in computer programming and hails from a middle class family. He had every opportunity to lead a virtuous life contributing to society. Instead, he chose a life of evil and destruction, desecrating the tenets of his supposed faith and betraying every ounce of his humanity. Now he is a dead man walking, though he’ll probably be walking for a while. The odds that military forces can find and kill him anytime soon are beyond remote, absent a really lucky day of coalition bombing.

Even as the Brits must be happy that they put a name to their regrettable ex-patriot, this revelation doesn’t change anything and ultimately doesn’t matter. Without doubt, if a coalition bullet passed through Emwazi’s skull, another of ISIS’ thousands of followers would put on the trademark ninja mask. Jihadi John is not “the world’s most wanted terrorist,” as some cable networks have dubbed him, because he is not one person. He is figurehead, a mascot. If you want to destroy a mascot, you have to eliminate the team. In other words, when we destroy ISIS, Jihadi John will go with them.

Rather than focus our national ire on Emwazi, we need to be looking to our country, our own communities. Why? Fact: There are terrorist recruiters on the ground in the United States.

ISIS’ social media recruitment campaigns have received a lot of attention, but what has not received attention is that face-to-face interaction remains a fundamental part of the recruitment process in the United States. My fellow Security Debrief contributor Erroll Southers and I have been conducting on-the-ground research in Minneapolis, Minn. We have met with members from throughout the Somali-American community, which historically has been a major target for foreign terrorist group recruitment. Let me be clear: the Americans I have spoken with are some of the most patriotic I have ever met. One of our interview subjects related a conversation she had with a group of women who were criticizing the United States, characterizing America as the enemy of Islam. The woman, who wears traditional clothing and hijab, responded by saying:

“How is the United States the enemy? I wear what I want. I go to work in hijab. I pray whenever and wherever I want. Celebrate Ramadan when I want. How is the United States threatening your religion?”

That sentiment is broadly shared throughout the Somali-American community. Indeed, most of the people with whom I have spoken have indicated an immense thankfulness and loyalty to the United States because this country was a refuge for them when war and famine decimated Somalia. That said, there are recruiters on the ground in Minneapolis. Who they are and where they are remain important questions, but the point is, the threat is here, not just over there. We have our own Jihadi Johns to worry about. But we also have something ISIS does not. We have liberty, and for 99.9% of the people in this country, that liberty will never be traded for anything, least of all a horrible lie that is ISIS’ ideology.

Emwazi and his evil ilk will be committing atrocities in the Middle East for some time. This fight is only beginning. Naming Emwazi may make us feel like the coalition has achieved something, but if we are serious about defeating ISIS (and there is some question as to whether we are), let’s stop patting ourselves on the back for things that ultimately will not contribute to ISIS’ defeat.

Healthcare is the largest single sector of the U. S. economy, nearing $3 trillion and employing more than 15% of the population. Hospitals are shining beacons, open all hours and attracting all parts of the community to their doors in emergencies. The continuity of this sector is essential to the functioning of all American infrastructure sectors.

Initial federal biodefense funding sent directly to the states to strengthen public health and hospitals was a result of the combined efforts of Senators Sam Nunn and Richard Lugar; in 1998 $25 million was appropriated for labs and a public health early warning system (fax machines and telephones in those days).

Significant funding increases came soon thereafter in response to increasing concerns and events. This pattern of responding to perceived threats and events, rather than building capacity, would happen again and again. At no time did the federal funding ever approach the scale of the industry or nature of the threat.

In the aftermath of the 9/11 and anthrax attacks in 2001, the U.S. Congress appropriated $646 million annually for hospital preparedness. At that time, the American Hospital Association assessed it would take $16 billion to just implement necessary physical security measures in the nation’s hospitals. The immense size of the healthcare sector (as we have seen with payment reform efforts) simply defies federal appropriation in response to events or outbreaks.

In the past three years, President Obama’s request for the Hospital Preparedness Program (HPP) funding has been reduced by 40% to $250 million. The request amounts to less than one ice hockey arena per state, the production costs of a Hobbit movie, or just one hour of spending by Americans on healthcare. Trauma 1 centers in Indianapolis receive $17,000 from HPP while last year one of them issued more than $700 million in bonds.

Federal funding of hospital preparedness is not at a scale necessary to move the system or achieve its stated goals. Last year, new infectious diseases reached the United States: MERS, D68, Chikungunya, and above all, Ebola. The events of October 2014 revealed little resilience on the part of our hospitals and even less stockpiling of protective equipment. Ebola planning in hospitals was haphazard and massively duplicative. A disease that was extremely rare and treatable only in highly specialized conditions engulfed the entire system and wasted millions of dollars and staff hours. A focused and specialized national effort was warranted; a broad, confused and all-enveloping one unfolded.

Just as Tamiflu stockpiles expired from purchases made in 2009, we had less than five days’ supply of protective suits for Ebola on hand. Those same Tamiflu stockpiles (more than $500 million in the acquisition) were generally not released to alter the trajectory of the worst flu season in the last five years. The planning for the unusual events (Ebola) has just not happened because there are no incentives to prepare when emergency management is seen as a cost rather than a business necessity. The response for usual/normal events has just not happened because coalitions have “bought stuff” but have minimal staff or systems to operate.

Healthcare has a wide and varied set of assessments, from the community benefit assessment to the hazard vulnerability assessments done for the commissioning agencies. The HPP does not integrate these tools and lacks the incentives to ensure participation from this most critical infrastructure sector. The program is silent on some of the most critical threats to healthcare, notably cybersecurity.

This past year also saw the implementation of the first fines enacted by the Centers for Medicare and Medicaid Services (CMS) for failure to meet standards for meaningful use and hospital acquired infections. These fines reached as much as 4% in some systems. The $19 billion in meaningful use incentives in the last 5 years are 3 times the amount appropriated since 9/11 for hospital preparedness.

The HPP has focused on process measures rather than outcomes. The program does not map how the business of healthcare networks function, instead using government political boundaries to distribute funds. As a result, the program has not developed recognizable measures for independently assessing preparedness.

CMS is on the cusp of issuing regulations integrating disaster preparedness into the Value-Based Purchasing program. However, the proposed use of additional bed capacity as the measure undermines community-wide efforts and supports inefficient facility specific measurement. A new community-driven assessment process is needed such that incentives are commensurate with the scale of the healthcare industry. The CMS regulations are necessary but lack built-in incentives that address the full scope of the industry. The $19 billion spent for meaningful use would be a start.

Tim Stephens is the CEO of MESH, Inc., a non-profit, public-private coalition enabling healthcare providers to respond effectively to emergency events and remain viable through recovery.

On October 4, 2014, when President Barak Obama made his famous speech about U.S. strategy to counter ISIS’s meteoric rise and expansion, he repeated one phrase that caught the attention of many, within and without the United States. He said: “Our objective is clear: We will degrade, and ultimately destroy, ISIL.”

With this catchy phrase, President Obama was probably trying to erase in a hurry the terrible impression left by his earlier comment that “we don’t have a strategy yet.”

The catchphrase caught the attention of observers and analysts around the world. Attempts were made to decipher the deeper meaning behind it. That’s commendable, but it appears that there was nothing more meaningful behind the phrase. It reflected (possibly still reflects) America’s strategic perspective of the best way to deal with the ISIS threat, namely: we are going to take our time, chip away at ISIS gradually, and ultimately we will destroy it.

Fair enough, but this is a bad strategy. It’s bad primarily because it gives ISIS plenty of breathing space to continue operating, to cause enormous pain and suffering right now. Even worse, it allows ISIS to sow the seeds of quite predictable future tragedies by being allowed to continue orchestrating multiple “victory” narratives, and consequently, to continue drawing many vulnerable, impressionable, and ultimately miserable but also dangerous youngsters from across the world.

Not a week goes by without all of us being bombarded by news items that frame ISIS’s narrative as a successful, enterprising, out-of-the-box, West-challenging organization. Nearly every move they take is used by them (and amplified by event-hungry Western media organizations) to poke more than a finger at the “crusaders” and tell them a story that carries at its tip the message: we’re coming to get you.

ISIS’s killers could have executed the 21 Coptic Egyptians anywhere in the vast landmass of Libya; they chose, instead, the seashore of the Mediterranean Sea, facing tantalizingly nearby Europe (the southern tip of Italy), using their theater of the macabre to further buttress their narrative of expansion and success and to tell their huge audience across the world: “we are expanding, we are on the move, and there’s nothing you can do to stop us. Look, we’re already at Europe’s doorstep!”

The week after the horrific Libya executions, audiences across the world were exposed to news about a new ISIS offensive in Iraq. But when it comes to what the forces opposed to ISIS are doing, we learn that they are planning a “spring offensive” to try to route ISIS from its many hold points in northern and western Iraq. What to do about ISIS in Libya, nobody seems to know.

Back to the impressionable youngsters: as long as ISIS is allowed to continue to produce its victory pictures without a serious challenge, in deed and narrative, these youngsters will continue making their way to ISIS territory, buoyed by images of success and victory. By the time many of them realize the bitter reality – as opposed to that painted by ISIS’s supremely talented public relations architects – it is going to be too late for many of them, for their families, communities and countries of origin.

This is why the word “degrade” should be removed from the strategic philosophy of those arrayed against ISIS. If they think that this is an organization, a movement, a message that needs destroying, they should destroy it; they should not allow it a moment more breathing time than is absolutely necessary. Every such moment is detrimental to vulnerable young multitudes and all of us by extension. To them, President Obama and the anti-ISIS coalition bear no less responsibility than those directly impacted by ISIS in Iraq, Syria and elsewhere in the Middle East and North Africa.

Dr. Doron Pely is the Executive Director of the Sulha Research Center in Israel. Doron studies and teaches Muslim customary conflict and conflict management practices. His experience combines military (Lieutenant), police intelligence (field and analysis), business intelligence, executive duties, and academic and field research. Doron earned his PhD in Middle East Studies from King’s College, London.

]]>http://securitydebrief.com/2015/02/23/dont-degrade-isis-destroy-it/feed/0The Constitution is an Asset in Fighting Crime, Terrorismhttp://securitydebrief.com/2015/02/20/the-constitution-is-an-asset-in-fighting-crime-terrorism/
http://securitydebrief.com/2015/02/20/the-constitution-is-an-asset-in-fighting-crime-terrorism/#commentsFri, 20 Feb 2015 13:04:30 +0000http://securitydebrief.com/?p=15495One of the most interesting, revealing and important discussions I have ever had occurred in 1992 on a beach at the Four Seasons in Maui. I had been invited there as part of the Young Leaders Program of the Atlantic Council of the United States and was meeting with a few dozen other under 40’s from around the world.

One day, on that beach, I was talking to a fellow named Jaroslaw Guzy. Jaroslaw had been a leader in the student arm of the Solidarity movement in Poland and had spent some time in prison during the martial law years. The “authorities” had come for Jaroslaw in the night, taken him away and locked him up.

Having been a Soviet Studies major in college in the 1970s, I asked a question I had always wanted to ask someone like him. I knew that Soviet-style constitutions included language about freedom of speech, expression and so on – most of the typical Bill of Rights issues. So I asked him about that fact and about how it was they offered no protection (beyond the lack of a moral compass in the leadership).

He pointed out that, unlike the U.S. Constitution, the constitutions in those countries offered absolutely no protection against things like unreasonable search and seizure. There was no right to representation, jury trial, due process, self-incrimination or any of those things. I came to understand that day, in that most unlikely of places, with the most unlikely of people, that the portions of the U.S. Constitution offering those protections are the most important pieces of the U.S. Constitution. That is why I have always cringed when I hear some people call those rights “criminals rights.” They are my rights. And yours.

I thought of that conversation while reading an important new book, Red Notice, by Bill Browder. If you read one book this year, read this one. Browder was the largest investor in Russia, until he began to understand how the leadership kleptocracy was robbing the country blind and tried to do something about it. His Russian tax attorney, Sergei Magnitsky, an idealistic young man who came of age in post-communist Russia, was arrested, tortured and killed by the country he loved, a country he was confident operated under a rule of law and could never do such a thing. And it was done to him simply because he had helped uncover a massive tax fraud.

Most of the articles about Red Notice are about Browder and Putin and the future of Russia. But it is also a cautionary tale about what happens when the basic protections we take for granted are eroded or non-existent. The book is filled with stories of Browder and his people working through channels, doing what the law directed them to do. And the result was tragic.

Oftentimes when we hear about particularly heinous crimes, we want to start peeling those protections away; for those people, the ones who commit these crimes. It may feel good and may seem like a sensible thought, but we should remember that those protections are there to be applied to all of us, and not selectively. And what happened to people like Jaroslaw Guzy and Sergei Magnitsky can happen to anyone when those protections are stripped away. After all, neither Guzy nor Magnitsky did anything wrong.

]]>http://securitydebrief.com/2015/02/20/the-constitution-is-an-asset-in-fighting-crime-terrorism/feed/0DHS IG Talks on CNN Over CBP UAV Programhttp://securitydebrief.com/2015/02/19/dhs-ig-talks-on-cnn-over-cbp-uav-program/
http://securitydebrief.com/2015/02/19/dhs-ig-talks-on-cnn-over-cbp-uav-program/#commentsThu, 19 Feb 2015 13:35:23 +0000http://securitydebrief.com/?p=15493The public debate is raging over whether Predator Unmanned Aerial Vehciles (UAVs) are the right tool for monitoring the U.S. border. DHS Inspector General John Roth spoke to CNN’s Drew Griffin about his office’s recent report that criticized the Customs and Border Protection (CBP) UAV program becuase of the high cost of using these UAVs ($12,255/hr), as well as their questionable effectiveness in patrolling the border. The CBP Office of Air and Marine, which runs the $360 million UAV program, disagrees and has been pushing back. Roth seems to be pushing harder. When something as niche as border surveillance technology makes mainstream cable news, the writing is on the wall. Nothing in DC is certain, but it would seem we are entering the final stretch in the UAV border security saga.

Vincent R. Stewart, Lieutenant General, U.S. Marine Corps was promoted into the position of Director of the Defense Intelligence Agency. While our friend and colleague Lt. General Ronald Burgess (ret.), now at Auburn University here in Alabama, certainly understood and respected the importance of the cyber domain, General Stewart represents the first time we have a true cyber warrior at the helm of the DIA. Immediately prior to his appointment as Director of the DIA, General Stewart served as the commander of the Marine Force Cyber Command (described at the end of this blog post.) General Stewart was director of Marine Intelligence from 2009 to 2013, rising through the ranks in a long and distinguished career that began with humble beginnings in Jamaica and includes many decorations for valor and leadership.

Worldwide Threat Assessment – Cyber

On February 3, 2015, Lt. General Stewart delivered his first Worldwide Threat Assessment to the Senate Armed Services Committee. (Transcript here). So what did our new DIA Cyber Warrior leader have to say about Cyber threats?

The briefing began, appropriately, with a status of Iraq and Afghanistan, focusing on terrorist threats from ISIL, al-Qa’ida, and the Taliban. After that he touched on certain other “violent extremist organizations” and concluded with a region-by-region and global threat summary.

In his discussion of ISIL, al-Qa’ida, and the Taliban, no technology or internet discussion was featured. Expanding beyond Iraq, AQAP (Al-Qa’ida in the Arabian Peninsula) was said to be focused on commercial aviation targeted with innovative explosions. AQIM (Al-Qa’ida in Lands of the Islamic Mahgreb) is mostly focused on kidnapping and attacks against allies. The Al-Nusrah Front and the Khorasan group were said to be focused on providing personnel and training in Syria, but with an interest in targeting western interests. IRGC-QF (Islamic Revolutionary Guard Corps-Quds Force) and Lebanese Hizballah were described a “instruments of Iran’s foreign policy and its ability to project power in Iraq, Syria, and beyond.” Boko Haram was described as having the potential to expand beyond Nigeria to become a “significan regional crisis.”

Cyber Operations

The first mention of cyber comes with regard to Russia, mentioning that Russian actions against Kyiv included “the use of propaganda and information operations, cyberspace operations, covert agents, …”While the other regional assessments did not include cyber individually, cyber was brought up in the concluding portion of the remarks in the section labeled “Global Threats.”

General Stewart’s points on the lack of consensus about the status of cyber attacks was especially telling. The “big bullets” from the cyber portion of the talk seem to be:

aggressive attacks against DoD and allied defense networks

increased cyber-espionage against DoD and Defense Contractor networks

concerns about supply chain vulnerabilities

increased use of cyber operations in regional conflicts

a lack of international “norms of behavior” in cyberspace

freedom of action, especially by Iran and North Korea, to conduct peacetime cyber offensive attacks on western interests without fear of reprisal

the use of the Internet by non-state actors for Communication, Propaganda, Fundraising, and Recruitment

Below I quote the General’s remarks on cyber in full:

The global cyber threat environment presents numerous persistent challenges to the security and integrity of DoD networks and information. Threat actors now demonstrate an increased ability and willingness to conduct aggressive cyberspace operations — including both service disruptions and espionage — against U.S. and allied defense information networks. Similarly, we note with increasing concern recent destructive cyber actions against U.S. private-sector networks demonstrating capabilities that could hold U.S. government and defense networks at risk. For 2015, we expect espionage against U.S government defense and defense contractor networks to continue largely unabated, while destructive network attack capabilities continue to develop and proliferate worldwide. We are also concerned about the threat to the integrity of the U.S. defense procurement networks posed by supply chain vulnerabilities from counterfeit and sub-quality components.

Threat actors increasingly are willing to incorporate cyber options into regional and global power projection capabilities. The absence of universally accepted and enforceable norms of behavior in cyberspace contributes to this situation. In response, states worldwide are forming “cyber command” organizations and developing national capabilities. Similarly, cyberspace operations are playing increasingly important roles in regional conflicts — for example, in eastern Ukraine — where online network disruptions, espionage, disinformation and propaganda activities are now integral to the conflict.

Iran and North Korea now consider disruptive and destructive cyberspace operations a valid instrument of statecraft, including during what the U.S. considers peacetime. These states likely view cyberspace operations as an effective means of imposing costs on their adversaries while limiting the likelihood of damaging reprisals.

Non-state actors often express the desire to conduct malicious cyber attacks, but likely lack the capability to conduct high-level cyber operations. However, non-state actors, such as Hizballah, AQAP, and ISIL will continue during the next year to effectively use the Internet for communication, propaganda, fundraising and recruitment.

MARFORCYBER Background

In January, General Stewart passed control of the U.S. Marine Corps Forces Cyber Command (MARFORCYBER) to Major General Daniel J. O’Donohue. (A somewhat dated biography of General O’Donohue is available from the Armed Services Committee)

The command, established in October 2009, was complemented by the Navy’s U.S. Tenth Fleet Cyber Command. According to the Marine Corps’ “Concepts and Programs” document, the mission of MARFORCYBER is to “plan, coordinate, integrate, synchronize, and direct full spectrum Marine Corps cyberspace operations. This includes Department of Defense (DoD) Global Information Grid (GIG) operations, defensive cyber operations, and when directed, planning and executing offensive cyberspace operations. These operations support the Marine Air Ground Task Force (MAGTF), joint, and combined cyberspace requirements that enable freedom of action across all warfighting domains and deny the same to adversarial forces.”